Hot Pick: SQL Guard

SQL Guard
Guardium
Price: Starts at $12,995

Databases have a tremendous amount of built-in security to protect data. What they lack is the ability to defend their underlying code and engines from external attacks and internal misuse.

Guardium's SQL Guard is part of the emerging class of security devices that sit in front of databases, monitoring traffic for illegal and malicious activity. Its robust features maintain detailed audit logs and can alert security managers at the first sign of trouble. Built on a Linux appliance, SQL Guard supports all leading database implementations: Oracle, IBM, Sybase and Microsoft. Its passive monitoring won't impede database performance, though Guardium rates throughput at 400 requests per second. It captures traffic type, source, requests and user names to determine whether the activity is authorized and for forensic analysis in the event of a breach.

SQL Guard can be deployed inline (i.e., in preventative mode) to block sessions, commands and traffic from watch-list users, or any traffic that triggers filtering rules. While there is always the potential for false positives to block legitimate traffic, our testing found its automated blocking accuracy near perfect.

Similar to a firewall, SQL Guard's filtering rules alert security managers to traffic from defined sources and users, or to traffic that includes particular commands or patterns, such as excessive logons, one user appearing from more than one IP address, clients executing administrative commands, SQL overflows and SQL injection attacks.
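The kinds of rules that paragraph lists, as an added example (not Guardium's code) of a rule-based screen over database-access events; the event format, thresholds, administrative-keyword list and DBA allow-list are assumptions made for illustration:

```python
"""Rule-based screening of database-access events (illustrative, assumed format)."""
from collections import defaultdict

# Constructed sample events: (timestamp_sec, db_user, client_ip, statement).
EVENTS = [
    (0,   "app", "10.0.0.5", "LOGIN"),
    (2,   "app", "10.0.0.5", "SELECT id FROM orders WHERE cust = 42"),
    (5,   "app", "10.0.0.9", "SELECT * FROM orders"),            # same user, second IP
    (10,  "app", "10.0.0.9", "GRANT ALL ON orders TO app"),      # admin command from non-DBA
    (20,  "dba", "10.0.1.2", "ALTER TABLE orders ADD COLUMN note TEXT"),  # allowed for DBA
    (30,  "svc", "10.0.0.7", "LOGIN"),
    (31,  "svc", "10.0.0.7", "LOGIN"),
    (32,  "svc", "10.0.0.7", "LOGIN"),
    (33,  "svc", "10.0.0.7", "LOGIN"),                           # fourth logon inside window
    (100, "svc", "10.0.0.7", "LOGIN"),                           # earlier logons have aged out
]

ADMIN_KEYWORDS = ("GRANT", "REVOKE", "ALTER", "DROP", "CREATE USER", "SHUTDOWN")  # assumed list
DBA_USERS = {"dba"}  # assumed allow-list of accounts permitted to run admin commands


def screen(events, max_logons=3, window=60):
    """Return alerts as (rule, user, ip, timestamp) tuples, in event order."""
    alerts = []
    logons = defaultdict(list)  # user -> recent logon timestamps
    ips = defaultdict(set)      # user -> client IPs seen for that user
    for ts, user, ip, stmt in events:
        verb = stmt.strip().upper()
        # Excessive logons: more than max_logons LOGINs by one user within window seconds.
        if verb == "LOGIN":
            logons[user] = [t for t in logons[user] if ts - t <= window] + [ts]
            if len(logons[user]) > max_logons:
                alerts.append(("excessive_logons", user, ip, ts))
        # One user / one IP: alert the first time a user shows up from a new, additional IP.
        if ip not in ips[user]:
            ips[user].add(ip)
            if len(ips[user]) > 1:
                alerts.append(("one_user_multiple_ips", user, ip, ts))
        # Administrative command issued by an account outside the DBA allow-list.
        if user not in DBA_USERS and any(verb.startswith(k) for k in ADMIN_KEYWORDS):
            alerts.append(("admin_command_from_client", user, ip, ts))
    return alerts


if __name__ == "__main__":
    for alert in screen(EVENTS):
        print(alert)
```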

SQL Guard is actually a suite of three modules: HealthGuard, PolicyGuard and AuditGuard.

HealthGuard continuously monitors and assesses database-bound traffic, proactively rating threat levels to the database through an assortment of utilities. The intelligence gathered by the module is fuel for the rest of the suite.

PolicyGuard offers policy-generation tools, real-time policy alerts and automated policy enforcement. Security managers can use it to define acceptable use within their environment, such as access restrictions to the database code after hours. Any policy violation results in an alert via the SQL Guard interface, scheduled reports or e-mail alerts.

AuditGuard is a must-have for enterprises that fall under government regulations such as HIPAA and Sarbanes-Oxley. It offers granular tracking and reporting of all database activities; the reports are easy to customize and generate through the Web-based Java interface.

It's this interface that puts SQL Guard in a league of its own. One click can dissect SQL commands and render how and what data is being accessed within the database and who's changing it. Its ability to monitor entire user sessions is impressive, and its forensics tools, which can track the path of a suspicious user, trace attacks, gather evidence and recover deleted data, are alone worth the cost of deployment.

A useful feature is SQL Guard's single-click access for viewing all SQL commands and prominent "watch lists" to monitor suspicious IP addresses.

SQL Guard's hierarchical architecture is especially helpful in large, complex database deployments covering multiple implementations and types of databases. By dispersing appliances throughout the network in front of databases or DMZ-like subnets housing databases (each configured to pass traffic through an encrypted link back to the root platform), this hierarchy lets individual DBAs monitor particular systems while the security manager views collected data and correlates enterprise-wide trends.

Guardium's SQL Guard is a perfect addition for enterprises responsible for maintaining the security of multiple databases, but lacking the authority, time or skill set to continuously assess and reconfigure them.

About the author
James C. Foster is the deputy director for Global Security Solution Development at CSC. Foster has also worked for Guardent (acquired by Verisign), Foundstone (acquired by McAfee) and the Department of Defense.

This article originally appeared in our sister publication Information Security magazine.

This was first published in December 2004